266 matches found
Debian DSA-2160-1 : tomcat6 - several vulnerabilities
Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine: - CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory. - CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting. -...
DSA-2160-1 tomcat6 - several
Bulletin has no description...
Apache Tomcat 5.5.x < 5.5.30 Multiple Vulnerabilities
Binary data 5786.pasl...
Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
Binary data 5789.pasl...
Apache Tomcat 7.0.0 < 7.0.4
The version of Tomcat installed on the remote host is prior to 7.0.4. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.4_security-7 advisory. - Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the...
Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
Binary data 800609.prm...
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...
Directory traversal
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...
CVE-2010-3718
CVE-2010-3718 affects Apache Tomcat 7.0.0–7.0.3, 6.0.x, and 5.5.x when running under a SecurityManager. The vulnerability is that ServletContext attributes are not made read-only, allowing local web applications to read or write files outside the intended working directory via a directory travers...
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...
Ubuntu: Security Advisory (USN-1055-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1055-1: OpenJDK vulnerabilities
It was discovered that IcedTea for Java did not properly verify signatures when handling multiply signed or partially signed JAR files, allowing an attacker to cause code to execute that appeared to come from a verified source. CVE-2011-0025 USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu...
Ubuntu Update for openjdk-6, openjdk-6b18 vulnerability USN-1052-1
Ubuntu Update for Linux kernel vulnerabilities USN-1052-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10521.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for openjdk-6, openjdk-6b18 vulnerability USN-1052-1 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH,...
Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6, openjdk-6b18 vulnerability (USN-1052-1)
It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended security policy in its checkPermission method. This could allow an attacker to execute code with privileges that should have been prevented. CVE-2010-4351. Note that...
USN-1052-1: OpenJDK vulnerability
It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended security policy in its checkPermission method. This could allow an attacker to execute code with privileges that should have been prevented. CVE-2010-4351...
CVE-2010-4351
The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...
Design/Logic Flaw
The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...
CVE-2010-4351
The CVE-2010-4351 issue affects IcedTea JDK/OpenJDK (IcedTea.so) prior to versions 1.7.7, 1.8.4, and 1.9.4, where JNLP SecurityManager’s checkPermission could return instead of throwing an exception in certain circumstances. This can allow context-dependent attackers to bypass the intended securi...
CVE-2010-4351
The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...
CVE-2010-4351
The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...